Total
2182 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30908 | 1 Hp | 1 Oneview | 2024-11-21 | N/A | 9.8 CRITICAL |
| A remote authentication bypass issue exists in a OneView API. | |||||
| CVE-2023-30799 | 1 Mikrotik | 1 Routeros | 2024-11-21 | N/A | 9.1 CRITICAL |
| MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system. | |||||
| CVE-2023-30769 | 1 Dogecoin | 1 Dogecoin | 2024-11-21 | N/A | 9.1 CRITICAL |
| Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes. | |||||
| CVE-2023-30547 | 1 Vm2 Project | 1 Vm2 | 2024-11-21 | N/A | 9.8 CRITICAL |
| vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade. | |||||
| CVE-2023-30438 | 1 Ibm | 17 Power System E1050, Power System E1080, Power System E950 and 14 more | 2024-11-21 | N/A | 9.3 CRITICAL |
| An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706. | |||||
| CVE-2023-30131 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. | |||||
| CVE-2023-29382 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. | |||||
| CVE-2023-29381 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. | |||||
| CVE-2023-29357 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||
| CVE-2023-29130 | 1 Siemens | 1 Simatic Cn 4100 | 2024-11-21 | N/A | 9.9 CRITICAL |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control. | |||||
| CVE-2023-28808 | 1 Hikvision | 20 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 17 more | 2024-11-21 | N/A | 9.1 CRITICAL |
| Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. | |||||
| CVE-2023-28765 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A | 9.8 CRITICAL |
| An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application. | |||||
| CVE-2023-28762 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A | 9.1 CRITICAL |
| SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable. | |||||
| CVE-2023-28531 | 2 Netapp, Openbsd | 4 Brocade Fabric Operating System, Hci Bootstrap Os, Solidfire Element Os and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. | |||||
| CVE-2023-28250 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | |||||
| CVE-2023-28100 | 1 Flatpak | 1 Flatpak | 2024-11-21 | N/A | 10.0 CRITICAL |
| Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment. | |||||
| CVE-2023-26474 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.9 CRITICAL |
| XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds. | |||||
| CVE-2023-26471 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.9 CRITICAL |
| XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`. | |||||
| CVE-2023-26468 | 1 Cerebrate-project | 1 Cerebrate | 2024-11-21 | N/A | 9.1 CRITICAL |
| Cerebrate 1.12 does not properly consider organisation_id during creation of API keys. | |||||
| CVE-2023-26119 | 1 Htmlunit | 1 Htmlunit | 2024-11-21 | N/A | 9.8 CRITICAL |
| Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. | |||||